From fc1913fef29fbc7f90e8e2fe9374b761411f09ae Mon Sep 17 00:00:00 2001
From: jim-p <jimp@pfsense.org>
Date: Mon, 22 May 2017 15:29:10 -0400
Subject: Provide a useful error message to the user when there is no private
 CA with which to create a new user certificate. Fixes #7585

---
 src/usr/local/www/system_usermanager.php | 41 ++++++++++++++++++++------------
 1 file changed, 26 insertions(+), 15 deletions(-)

diff --git a/src/usr/local/www/system_usermanager.php b/src/usr/local/www/system_usermanager.php
index 6966190..1482663 100644
--- a/src/usr/local/www/system_usermanager.php
+++ b/src/usr/local/www/system_usermanager.php
@@ -106,6 +106,18 @@ if ($_POST['act'] == "deluser") {
 	 */
 	$pconfig['utype'] = "user";
 	$pconfig['lifetime'] = 3650;
+
+	$nonPrvCas = array();
+	if (is_array($config['ca']) && count($config['ca']) > 0) {
+		foreach ($config['ca'] as $ca) {
+			if (!$ca['prv']) {
+				continue;
+			}
+
+			$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
+		}
+	}
+
 }
 
 if (isset($_POST['dellall'])) {
@@ -848,12 +860,20 @@ if ($act == "new" || $act == "edit" || $input_errors):
 
 	// ==== Button for adding user certificate ================================
 	if ($act == 'new') {
-		$section->addInput(new Form_Checkbox(
-			'showcert',
-			'Certificate',
-			'Click to create a user certificate',
-			false
-		));
+		if (count($nonPrvCas) > 0) {
+			$section->addInput(new Form_Checkbox(
+				'showcert',
+				'Certificate',
+				'Click to create a user certificate',
+				false
+			));
+		} else {
+			$section->addInput(new Form_StaticText(
+				'Certificate',
+				gettext('No private CAs found. A private CA is required to create a new user certificate. ' .
+					'Save the user first to import an external certificate.')
+			));
+		}
 	}
 
 	$form->add($section);
@@ -888,15 +908,6 @@ if ($act == "new" || $act == "edit" || $input_errors):
 		$section = new Form_Section('Create Certificate for User');
 		$section->addClass('cert-options');
 
-		$nonPrvCas = array();
-		foreach ($config['ca'] as $ca) {
-			if (!$ca['prv']) {
-				continue;
-			}
-
-			$nonPrvCas[ $ca['refid'] ] = $ca['descr'];
-		}
-
 		if (!empty($nonPrvCas)) {
 			$section->addInput(new Form_Input(
 				'name',
-- 
cgit v1.1